Hi List,

We are testing a new password syntax policy in LDAP. We have only configured the password length to 8 characters, and according to the RH doc below there are some exceptions (aka "trivial words", and uid, cn, givenName, which cannot be used).

When a user tries to update his password, for example if the new password contains more than 3 characters from his uid, the ldappasswd command will fail.

Example:

uid=6712
New password: cheese671cheese >> will fail
But password: cheese67cheese will work.

I need to understand whether we need to configure other password attributes, or why this minimum character limitation exists, and how to solve this issue. Our uid can be from 4 to 14 characters long.

Here is the LDAP LDIF:

nsslapd-pwpolicy-inherit-global: on
nsslapd-pwpolicy-local: off
passwordTrackUpdateTime: on
passwordCheckSyntax: on
passwordminlenghth: 8
passwordMinCategories: 1

And the RH DS doc:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/deployment_guide/designing_a_secure_directory-designing_a_password_policy#Password_Policy_Attributes-Password_Syntax_Checking

9.6.2.7. Password Syntax Checking

Password syntax checking enforces rules for password strings, so that any password has to meet or exceed certain criteria. All password syntax checking can be applied globally, per subtree, or per user. Password syntax checking is set in the passwordCheckSyntax attribute. The default password syntax requires a minimum password length of eight characters and that no trivial words are used in the password. A trivial word is any value stored in the uid, cn, sn, givenName, ou, or mail attributes of the user's entry.

Thank you
Isabella
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
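
The behaviour reported in the message above, as an added example that is not part of the original post and is not 389 Directory Server source code: a simplified model of a trivial-word check that rejects a password sharing a run of characters with any of the attributes the quoted documentation lists. Assumptions: a token length of 3 (the documented default of the server's passwordMinTokenLength attribute, and consistent with the two passwords tested in the post), case-insensitive matching, and a constructed user entry.

```python
"""Simplified model of a trivial-word password check (illustration only)."""

# Attributes the quoted documentation names as sources of trivial words.
TRIVIAL_ATTRS = ("uid", "cn", "sn", "givenName", "ou", "mail")

# Assumption: 3-character tokens, which matches the two results in the post.
MIN_TOKEN_LEN = 3
# Minimum length from the posted policy.
MIN_LENGTH = 8


def shared_tokens(password, value, token_len=MIN_TOKEN_LEN):
    """Return each token_len-character run of value that occurs in password."""
    pw, val = password.casefold(), value.casefold()
    hits = []
    # Values shorter than token_len produce an empty range and are skipped.
    for i in range(len(val) - token_len + 1):
        token = val[i:i + token_len]
        if token in pw and token not in hits:
            hits.append(token)
    return hits


def check_password(password, entry, token_len=MIN_TOKEN_LEN,
                   min_length=MIN_LENGTH):
    """Return a list of violations; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    for attr in TRIVIAL_ATTRS:
        for value in entry.get(attr, []):
            for token in shared_tokens(password, value, token_len):
                problems.append(f"contains '{token}' from {attr}")
    return problems


# Constructed entry: the uid is the one from the post, the cn is invented.
ENTRY = {"uid": ["6712"], "cn": ["Example User"]}

if __name__ == "__main__":
    for candidate in ("cheese671cheese", "cheese67cheese", "short"):
        result = check_password(candidate, ENTRY)
        print(candidate, "->", result or "accepted")
```

Running the same candidates with `token_len=4` shows how raising the threshold changes which passwords collide with a short numeric uid.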